Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.


1 Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security

2 Objectives
- List some of the challenges of making a computer secure
- Explain how to be prepared for a security attack
- List the steps that are important to keeping alert to attacks
- Explain how an organization and a user can resist security attacks

3 Total Security
- Computers around the world are vulnerable to threats
- New threats surface almost daily
- The need for security will continue to be a key element of IT systems
- Total security is a way of THINKING, PLANNING AND ACTING

4 The Security Challenge
Trends experts cite:
- Speed of attacks
- Sophistication of attacks
- Faster detection of weaknesses
- Distributed attacks
- Attacks on routers
- Difficulties in patching
(See Table 6-1)

5 The Security Challenge (continued)

6 Prepare for Attacks
Security begins with preparation:
- Right philosophy about security
- Create a framework for action
- Putting it all into practice

7 Develop a Philosophy
- Information security philosophy: absolute security can never be achieved on any network or computer
- Positive side: users’ and administrators’ awareness of lack of 100% security = Be more alert!

8 Establish a Framework
- Framework: establish how security should be approached
- Microsoft’s framework: SD3+C
  - Secure by Design
  - Secure by Default
  - Secure by Deployment
  - Communications

9 Establish a Framework (continued)
Cisco’s framework:
- Protect against known and unknown attacks
- Deploy security devices in layers
- Integrate security throughout the network
- Be sure decision making and reporting are accurate
- Security solution must be scalable and operationally effective

10 Take Action
Implementing security involves:
- Patching software
- Hardening systems
- Blocking attacks
- Testing defenses

11 Patch Software
- Patch software: hackers exploit weaknesses resulting from unpatched software to gain the easiest route
- Organizations and individuals should have a process for identifying vulnerabilities and responding by applying necessary patches immediately
- Proactive patch management is the first step in maintaining a secure environment
(See Table 6-2)

12 Patch Software (continued)

13 Harden Systems
- Hardening: properly configuring and securing a system against attackers
- Default configurations are often left unsecured
- Steps to systems hardening:
  - Know what you are trying to protect
  - Know what you are trying to protect it from

14 Harden Systems (continued)
Systems hardening includes:
- Computer
  - Patch management
  - Install antivirus and antispyware and keep updated
  - Disable macros in Office applications
- Internet connection
  - Block cookies
  - Set browser security settings to highest level

15 Harden Systems (continued)
Systems hardening includes: (continued)
- Implement advanced security as necessary
- Use WEP encryption
- E-mail
  - Filter out executables
  - Turn off Preview Pane
- Wireless networks
  - Turn off broadcast information
  - Filter MAC addresses

16 Block Attacks
- Prime defense in blocking attacks is a firewall
  - Enterprise firewalls: installed at the network perimeter
  - Individual users: Internet Connection Firewall or other personal firewall software
- Hiding IP address of devices from hackers
  - NAT
  - Proxy servers

17 Test Defenses
- Does it all work? Don’t wait for an attack to find out! TEST YOUR OWN DEFENSES!
- Several products are available to probe defenses and find weaknesses
  - Microsoft Baseline Security Analyzer (See Figure 6-1)
- Testing should be a regular step in the security process

18 Keep Alert
- Biggest mistake when dealing with security is letting guard down
- It is important to always keep alert to new threats
- Know what hackers are doing
- Use support provided by other security groups
- Be familiar with tools used to secure systems

19 Know the Enemy
- Attacks on data usually follow trends and create patterns
- Most hackers imitate other hackers
- The Internet contains a wealth of information posted by hackers (See Figure 6-2)
- Visit hacker Web sites regularly to keep up on what hackers are doing

20 Join with Allies
- You are not alone in the fight for information security
- Learn from other groups
- Many Web sites provide information on security:
  - www.sans.org
  - isc.incidents.org
  - www.cert.org
(See Figure 6-3)

21 Build a Toolbox
- There are many tools available for securing a computer or network
- Search the Internet for information and tools to help with security efforts

22 Resist Attack
- No matter how good defenses are, attacks will happen
- Organizations and individuals need to know how to react to an attack

23 Organizational Response
- Response must be orchestrated among users, managers, IT personnel, and others
- Response measured in:
  - How to prepare
  - How to know if an attack is occurring
  - How to respond
  - How to preserve evidence

24 Organizational Response (continued)
Preparation:
- Store a clean copy of the operating system on a CD for quick clean-up and reinstallation
- Keep updates for all software on CD in the event the Internet is unavailable during reinstallation
- Be sure users have adequate training
- Keep a prioritized list of key assets to be protected first in an emergency
- Establish and maintain disaster recovery information for all systems

25 Organizational Response (continued)
Detection:
- Early warning signs of an attack
  - Changes in network traffic
  - Slow running computer
  - Sudden appearance of a new user account
- Maintain and review event logs
- Visit security organizations for up-to-date information on latest attacks and trends
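One way to check reviewed event logs for the "sudden appearance of a new user account" warning sign, as an added example that is not part of the original slides. It assumes Linux auth-log lines carrying the shadow-utils useradd "new user" message; the sample lines, host name and approved-account list are constructed for illustration.

```python
import re

# Constructed sample lines in the style of a Linux auth log (not real data).
SAMPLE_LOG = """\
Mar  3 09:14:02 web01 sshd[2211]: Accepted publickey for deploy from 192.0.2.10 port 50522 ssh2
Mar  3 09:15:40 web01 useradd[2290]: new user: name=backup2, UID=1004, GID=1004, home=/home/backup2, shell=/bin/bash
Mar  3 09:16:05 web01 useradd[2301]: new user: name=alice, UID=1005, GID=1005, home=/home/alice, shell=/bin/bash
Mar  4 02:41:17 web01 useradd[8812]: new user: name=sysupd, UID=0, GID=0, home=/root, shell=/bin/bash
""".splitlines()

# Matches the account-creation message and captures when, where, who and the UID.
NEW_USER = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\suseradd\[\d+\]:\s"
    r"new user: name=(?P<name>[^,]+), UID=(?P<uid>\d+)"
)


def find_unexpected_accounts(lines, approved):
    """Return account creations that are not in the approved set.

    `approved` is a hypothetical list kept by the administrator of accounts
    whose creation was requested and signed off.
    """
    findings = []
    for line in lines:
        m = NEW_USER.match(line)
        if not m:
            continue  # not an account-creation event
        name, uid = m["name"], int(m["uid"])
        if name in approved:
            continue  # expected change, nothing to report
        findings.append({
            "time": m["ts"],
            "host": m["host"],
            "account": name,
            "uid": uid,
            # A second account with UID 0 has full root privileges.
            "severity": "high" if uid == 0 else "review",
        })
    return findings


if __name__ == "__main__":
    for finding in find_unexpected_accounts(SAMPLE_LOG, approved={"alice"}):
        print(finding)
```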

26 Organizational Response (continued)
Response:
- Identify the nature of the attack
- Identify the source
- Communicate information about attack to appropriate persons
  - All users may or may not need to know, based on the nature of the attack
- Isolate and contain the attack
- Determine additional steps necessary based on the nature of the attack (change passwords, disconnect, etc.)

27 Organizational Response (continued)
Preserve Evidence:
- Computer forensics: science of preserving and analyzing evidence
- Evidence may be used to prosecute
- Many tools are available for forensics work
- General rules to follow:
  - Keep backup copies of logs
  - Take detailed notes
  - Don’t attempt to change or fix the affected computer
    - The more you do to it, the more likely you are to destroy evidence

28 User Response
Response for a user is usually not as extensive as that for an organization
Guidelines:
- Keep a current copy of your operating system’s recovery disk and operating system software on CD
- Be aware of news of impending attacks and/or check security sites regularly
- Keep watch over your computer
- If you are attacked, disconnect from the Internet

29 User Response (continued)
User response guidelines:
- Use another computer to search the Internet for cleanup tools. Copy to CD and run on affected computer
- Inform contacts in e-mail address book that you were attacked and to be cautious of e-mail from you
- Find virus removal tools
- After clean up, determine why your computer was compromised and what you can do to prevent it in future

30 Summary
- Computer attacks are becoming more sophisticated and more frequent. Defending against attack requires a total security approach
- Security begins by having the right mindset or philosophy and developing a framework for security
- We can never be totally secure: BE ALERT!

31 Summary (continued)
- Four major steps to putting the framework and philosophy into practice:
  - Patch
  - Harden
  - Block unnecessary traffic
  - Test
- It is important to keep alert to new security challenges
- Staying up-to-date on current threats and tools can help keep a system secure

32 Summary (continued)
Key steps in responding to an attack:
- Preparation
- Detection
- Inform users
- Preserve evidence

